Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@6.0.32
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version6.0.32
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version6.0.34
Latest_non_vulnerable_version11.0.18
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-atus-ryef-17h1
vulnerability_id VCID-atus-ryef-17h1
summary 
Mozilla developers added support in the Network Security Services
module for preventing a type of man-in-the-middle attack against TLS
using forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and
Firefox 3.5 users will need to set
their security.ssl.require_safe_negotiation preference to
true.  Firefox 3 does not contain the fix for this issue.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
2
reference_url https://nginx.org/download/patch.cve-2009-3555.txt
reference_id
reference_type
scores
url https://nginx.org/download/patch.cve-2009-3555.txt
3
reference_url https://nginx.org/download/patch.cve-2009-3555.txt.asc
reference_id
reference_type
scores
url https://nginx.org/download/patch.cve-2009-3555.txt.asc
4
reference_url https://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-7.html
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
reference_id CVE-2009-3555
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-3555
reference_id CVE-2009-3555
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2009-3555
7
reference_url https://github.com/advisories/GHSA-f7w7-6pjc-wwm6
reference_id GHSA-f7w7-6pjc-wwm6
reference_type
scores
url https://github.com/advisories/GHSA-f7w7-6pjc-wwm6
8
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2010-22
reference_id mfsa2010-22
reference_type
scores
0
value low
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2010-22
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.33
purl pkg:maven/org.apache.tomcat/tomcat@5.5.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t2h-jjhm-y7fq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.33
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.32
purl pkg:maven/org.apache.tomcat/tomcat@6.0.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.32
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.10
purl pkg:maven/org.apache.tomcat/tomcat@7.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.10
aliases CVE-2009-3555, GHSA-f7w7-6pjc-wwm6, VU#120541
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atus-ryef-17h1
1
url VCID-vsta-e8jg-4qa8
vulnerability_id VCID-vsta-e8jg-4qa8
summary 
Apache Tomcat does not enforce the maxHttpHeaderSize limit
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
references
0
reference_url http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
reference_id
reference_type
scores
url http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
2
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
4
reference_url https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8
5
reference_url https://support.apple.com/kb/HT5002
reference_id
reference_type
scores
url https://support.apple.com/kb/HT5002
6
reference_url http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
reference_id
reference_type
scores
url http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
7
reference_url https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022
reference_id
reference_type
scores
url https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022
8
reference_url https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074
reference_id
reference_type
scores
url https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074
9
reference_url https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192
reference_id
reference_type
scores
url https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192
10
reference_url https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027
reference_id
reference_type
scores
url https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027
11
reference_url https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164
reference_id
reference_type
scores
url https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164
12
reference_url https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
reference_id
reference_type
scores
url https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
13
reference_url https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded
reference_id
reference_type
scores
url https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded
14
reference_url http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
15
reference_url http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)
16
reference_url http://www.debian.org/security/2011/dsa-2160
reference_id
reference_type
scores
url http://www.debian.org/security/2011/dsa-2160
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0534
reference_id CVE-2011-0534
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-0534
18
reference_url https://github.com/advisories/GHSA-43v2-6grp-9pp9
reference_id GHSA-43v2-6grp-9pp9
reference_type
scores
url https://github.com/advisories/GHSA-43v2-6grp-9pp9
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@6.0.32
purl pkg:maven/org.apache.tomcat/tomcat@6.0.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.32
1
url pkg:maven/org.apache.tomcat/tomcat@7.0.8
purl pkg:maven/org.apache.tomcat/tomcat@7.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.8
aliases CVE-2011-0534, GHSA-43v2-6grp-9pp9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsta-e8jg-4qa8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.32